OPNsense Forum

English Forums => General Discussion => Topic started by: fox983 on September 28, 2015, 06:11:46 pm

Title: Website blacklist
Post by: fox983 on September 28, 2015, 06:11:46 pm
Hello, regarding the proxy (transparent mode): it should block navigation if I put a specific website in the blacklist. In fact it blocks only HTTP, not HTTPS. How can I set it right?
PS: Is it possible without proxy?
Thank you
Title: Re: Website blacklist
Post by: Supermule on September 28, 2015, 06:27:46 pm
You can't block HTTPS since it's a secure connection.
Title: Re: Website blacklist
Post by: fox983 on September 29, 2015, 09:30:45 am
Replying to myself: Domain Overrides through the DNS Forwarder could be the solution. It may be useful to someone...?
Title: Re: Website blacklist
Post by: franco on September 30, 2015, 08:18:40 am
MITM support for the proxy isn't built in, although squid is capable. You can configure it manually. I have no ETA on when this will be available in the GUI.
Title: Re: Website blacklist
Post by: juha on September 30, 2015, 11:51:38 am
PS: Is it possible without proxy?

This seems to work ...

Firewall -> Aliases -> Add new alias

Name: facebook
Description: facebook
Type: Host(s)
Host(s): www.facebook.com

-> Save

Firewall -> Rules -> LAN -> add new rule

Action: Reject
Protocol: TCP
Destination: facebook
Description: Block facebook

-> Save

Title: Re: Website blacklist
Post by: fox983 on October 01, 2015, 12:46:20 pm
Thank you all, which one is better to set, mine (Domain Overrides) or juha's (Firewall Alias)?
Title: Re: Website blacklist
Post by: Zeitkind on October 02, 2015, 01:18:32 am
I normally prefer using squid. Something like:

# and .ebay.com .twitter.com etc. on the same acl line
acl donotsurfatwork dstdomain .facebook.com
http_access deny CONNECT donotsurfatwork
http_reply_access deny donotsurfatwork

But I have no idea if this works on OPNsense right now..
Still hoping to see support for compressed acl-lists ^^